CVE-2008-4827

Currently unrated

Key Information:

Vendor: SAP
Status: Tabone; SAP Gui; Tsc2 Help Desk; Sizerone
Vendor: CVE Published:; 8 January 2009

Summary

Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.

References

http://www.securityfocus.com/archive/1/499830/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2009/0037

vdb-entryx_refsource_VUPEN

http://www.vupen.com/english/advisories/2009/0036

vdb-entryx_refsource_VUPEN

EPSS Score

68% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 8, 2009
Vulnerability Reserved
Oct 31, 2008